Youyiio BeyongCms Unrestricted File Upload Vulnerability
Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Youyiio BeyongCms version 1.6.0. The issue arises in an unknown function within the file '/admin/theme/Upload.html', part of the Document Management Page component. This vulnerability can be exploited remotely by manipulating the 'File' argument to upload malicious files.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could lead to remote code execution if the uploaded files are executed on the server.
Reproduction
To reproduce this vulnerability, log into the admin panel and navigate to the Document Management section. Upload a ZIP file containing a malicious PHP file. Once uploaded, the file can be accessed through the theme management interface, where it will be executed. Alternatively, the file upload feature in the File management controller can be exploited by submitting an upload request whose 'exts' parameter is set to a permissible extension, such as HTML; this could also lead to remote code execution if the server is configured to execute such file types.
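Both paths described above come down to the server trusting the upload: the archive's contents are never inspected and the accepted extension list is taken from the request. The following PHP is an added mitigation example, not BeyongCms code; it assumes a ThinkPHP-style CMS where themes are HTML templates, that the upload arrives in the 'File' form field and that ZipArchive is available.

```php
<?php
// Added example, not BeyongCms code. Server-side validation an upload handler
// should apply: a fixed allowlist the client cannot override (a request
// parameter such as 'exts' has no effect) and inspection of every entry of
// an uploaded ZIP so an archive cannot smuggle in executable files.

const ALLOWED_EXTENSIONS = ['html', 'css', 'js', 'png', 'jpg', 'jpeg', 'gif', 'svg', 'woff', 'woff2'];
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'htaccess'];

// Returns the reason a file name is unacceptable, or null if it passes.
// Every dot-separated segment is checked, so "shell.php.jpg" is rejected too.
function checkFileName(string $name): ?string {
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || strpos($name, '..') !== false) {
        return "path traversal or empty name: $name";
    }
    $segments = array_map('strtolower', explode('.', $base));
    array_shift($segments); // drop the stem, keep every extension segment
    foreach ($segments as $seg) {
        if (in_array($seg, EXECUTABLE_EXTENSIONS, true)) {
            return "executable extension '$seg' in $name";
        }
    }
    $last = end($segments);
    if ($last === false || !in_array($last, ALLOWED_EXTENSIONS, true)) {
        return "extension not in server-side allowlist: $name";
    }
    return null;
}

// Lists every problem found in the archive; an empty array means it passed.
// Directory entries (trailing slash) are skipped. Run this before extracting.
function checkThemeArchive(string $zipPath): array {
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['invalid archive'];
    }
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        if (substr($entry, -1) === '/') {
            continue;
        }
        if (($why = checkFileName($entry)) !== null) {
            $problems[] = $why;
        }
    }
    $zip->close();
    return $problems;
}

// Handler usage (assumed field name 'File'); $_POST['exts'] is never consulted:
// if (checkThemeArchive($_FILES['File']['tmp_name']) !== []) { /* reject upload */ }
```

Extension checks alone do not stop the HTML path the advisory mentions, so the upload directory should also be served without script execution (for example, a web server rule that refuses to run PHP from it).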